Configuring VLANs - Cisco

Configuring VLANs

? Finding Feature Information, page 1 ? Prerequisites for VLANs, page 1 ? Restrictions for VLANs, page 2 ? Information About VLANs, page 2 ? How to Configure VLANs, page 9 ? Monitoring VLANs, page 18 ? Configuration Examples, page 19 ? Where to Go Next, page 20 ? Additional References, page 20 ? Feature History and Information for VLAN, page 21

Finding Feature Information

Your software release may not support all the features documented in this module. For the latest feature information and caveats, see the release notes for your platform and software release. Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to . An account on is not required.

Prerequisites for VLANs

The following are prerequisites and considerations for configuring VLANs: ? The switch supports 1005 VLANs when running the IP Lite image. ? The switch supports 256 SVIs when running the IP Lite image.

OL-29440-01

Catalyst 2960-XR Switch VLAN Configuration Guide, Cisco IOS Release 15.0(2)EX1 1

Restrictions for VLANs

Configuring VLANs

Restrictions for VLANs

The following are the restrictions for configuring VLANs: ? The switch supports homogeneous stacking, but does not support mixed stacking.

Information About VLANs

Logical Networks

A VLAN is a switched network that is logically segmented by function, project team, or application, without regard to the physical locations of the users. VLANs have the same attributes as physical LANs, but you can group end stations even if they are not physically located on the same LAN segment. Any switch port can belong to a VLAN, and unicast, broadcast, and multicast packets are forwarded and flooded only to end stations in the VLAN. Each VLAN is considered a logical network, and packets destined for stations that do not belong to the VLAN must be forwarded through a router or a switch supporting fallback bridging. In a switch stack, VLANs can be formed with ports across the stack. Because a VLAN is considered a separate logical network, it contains its own bridge Management Information Base (MIB) information and can support its own implementation of spanning tree.

Figure 1: VLANs as Logically Defined Networks

VLANs are often associated with IP subnetworks. For example, all the end stations in a particular IP subnet belong to the same VLAN. Interface VLAN membership on the switch is assigned manually on an

Catalyst 2960-XR Switch VLAN Configuration Guide, Cisco IOS Release 15.0(2)EX1 2

OL-29440-01

Configuring VLANs

Supported VLANs

interface-by-interface basis. When you assign switch interfaces to VLANs by using this method, it is known as interface-based, or static, VLAN membership.

Traffic between VLANs must be routed or fallback bridged.

The switch can route traffic between VLANs by using switch virtual interfaces (SVIs). An SVI must be explicitly configured and assigned an IP address to route traffic between VLANs.

Supported VLANs

The switch supports VLANs in VTP client, server, and transparent modes. VLANs are identified by a number from 1 to 4094. VLAN IDs 1002 through 1005 are reserved for Token Ring and FDDI VLANs. VTP version 1 and version 2 support only normal-range VLANs (VLAN IDs 1 to 1005). In these versions, the switch must be in VTP transparent mode when you create VLAN IDs from 1006 to 4094. VTP version 3 supports the entire VLAN range (VLANs 1 to 4094). Extended range VLANs (VLANs 1006 to 4094) are supported only in VTP version 3. You cannot convert from VTP version 3 to VTP version 2 if extended VLANs are configured in the domain.

The switch or switch stack supports a total of 1005 (normal range and extended range) VLANs. However, the number of routed ports, SVIs, and other configured features affects the use of the switch hardware.

The switch supports per-VLAN spanning-tree plus (PVST+) or rapid PVST+ with a maximum of 128 spanning-tree instances. One spanning-tree instance is allowed per VLAN.

The switch supports IEEE 802.1Q trunking methods for sending VLAN traffic over Ethernet ports.

VLAN Port Membership Modes

You configure a port to belong to a VLAN by assigning a membership mode that specifies the kind of traffic the port carries and the number of VLANs to which it can belong. When a port belongs to a VLAN, the switch learns and manages the addresses associated with the port on a per-VLAN basis.

Table 1: Port Membership Modes and Characteristics

Membership Mode Static-access

VLAN Membership Characteristics VTP Characteristics

A static-access port can belong to one VLAN and is manually assigned to that VLAN.

VTP is not required. If you do not want VTP to globally propagate information, set the VTP mode to transparent. To participate in VTP, there must be at least one trunk port on the switch or the switch stack connected to a trunk port of a second switch or switch stack.

OL-29440-01

Catalyst 2960-XR Switch VLAN Configuration Guide, Cisco IOS Release 15.0(2)EX1 3

Normal-Range VLAN Overview

Configuring VLANs

Membership Mode

Trunk (IEEE 802.1Q) :

? IEEE 802.1Q-- Industry-standard trunking encapsulation.

VLAN Membership Characteristics VTP Characteristics

A trunk port is a member of all VTP is recommended but not

VLANs by default, including

required. VTP maintains VLAN

extended-range VLANs, but

configuration consistency by

membership can be limited by managing the addition, deletion,

configuring the allowed-VLAN and renaming of VLANs on a

list. You can also modify the

network-wide basis. VTP

pruning-eligible list to block

exchanges VLAN configuration

flooded traffic to VLANs on trunk messages with other switches over

ports that are included in the list. trunk links.

Dynamic access

A dynamic-access port can belong VTP is required.

to one VLAN (VLAN ID 1 to

Configure the VMPS and the client

4094) and is dynamically assigned with the same VTP domain name.

by a VLAN Member Policy Server

(VMPS).

To participate in VTP, at least one

trunk port on the switch or a switch The VMPS can be a Catalyst 6500 stack must be connected to a trunk series switch, for example, but port of a second switch or switch never a Catalyst 2960, 2960-S, or stack. 2960-C switch. The Catalyst 2960,

2960-S, or 2960-C switch is a

VMPS client.

You can have dynamic-access ports and trunk ports on the same switch, but you must connect the dynamic-access port to an end station or hub and not to another switch.

Voice VLAN

A voice VLAN port is an access VTP is not required; it has no effect port attached to a Cisco IP Phone, on a voice VLAN. configured to use one VLAN for voice traffic and another VLAN for data traffic from a device attached to the phone.

Normal-Range VLAN Overview

Normal-range VLANs are VLANs with VLAN IDs 1 to 1005. If the switch is in VTP server or VTP transparent mode, you can add, modify or remove configurations for VLANs 2 to 1001 in the VLAN database. (VLAN IDs 1 and 1002 to 1005 are automatically created and cannot be removed.)

In VTP versions 1 and 2, the switch must be in VTP transparent mode when you create extended-range VLANs (VLANs with IDs from 1006 to 4094), but these VLANs are not saved in the VLAN database. VTP version 3 supports extended-range VLANs in VTP server and transparent mode.

Configurations for VLAN IDs 1 to 1005 are written to the file vlan.dat (VLAN database), and you can display them by entering the show vlan privileged EXEC command. The vlan.dat file is stored in flash memory. On

Catalyst 2960-XR Switch VLAN Configuration Guide, Cisco IOS Release 15.0(2)EX1 4

OL-29440-01

Configuring VLANs

VLAN Configuration Saving Process

a switch, the vlan.dat file is stored in flash memory on the stack master. Stack members have a vlan.dat file that is consistent with the stack master.

Token Ring VLANs

Although the switch does not support Token Ring connections, a remote device such as a Catalyst 5000 series switch with Token Ring connections could be managed from one of the supported switches. Switches running VTP Version 2 advertise information about these Token Ring VLANs:

? Token Ring TrBRF VLANs ? Token Ring TrCRF VLANs

Note For more information on configuring Token Ring VLANs, see the Catalyst 5000 Series Software Configuration Guide.

Normal-Range VLANs Configuration Process

You configure VLANs in the vlan global configuration command by entering a VLAN ID. Enter a new VLAN ID to create a VLAN, or enter an existing VLAN ID to modify that VLAN. You can use the default VLAN configuration or enter multiple commands to configure the VLAN. For more information about commands available in this mode, see the vlan global configuration command description in the command reference for this release. When you have finished the configuration, you must exit VLAN configuration mode for the configuration to take effect. To display the VLAN configuration, enter the show vlan privileged EXEC command.

VLAN Configuration Saving Process

The configurations of VLAN IDs 1 to 1005 are always saved in the VLAN database (vlan.dat file). If the VTP mode is transparent, they are also saved in the switch running configuration file. You can enter the copy running-config startup-config privileged EXEC command to save the configuration in the startup configuration file. In a switch stack, the whole stack uses the same vlan.dat file and running configuration. To display the VLAN configuration, enter the show vlan privileged EXEC command. When you save VLAN and VTP information (including extended-range VLAN configuration information) in the startup configuration file and reboot the switch, the switch configuration is selected as follows:

? If the VTP mode is transparent in the startup configuration, and the VLAN database and the VTP domain name from the VLAN database matches that in the startup configuration file, the VLAN database is ignored (cleared), and the VTP and VLAN configurations in the startup configuration file are used. The VLAN database revision number remains unchanged in the VLAN database.

? If the VTP mode or domain name in the startup configuration does not match the VLAN database, the domain name and VTP mode and configuration for the VLAN IDs 1 to 1005 use the VLAN database information.

? In VTP versions 1 and 2, if VTP mode is server, the domain name and VLAN configuration for VLAN IDs 1 to 1005 use the VLAN database information. VTP version 3 also supports VLANs 1006 to 4094.

OL-29440-01

Catalyst 2960-XR Switch VLAN Configuration Guide, Cisco IOS Release 15.0(2)EX1 5

 ................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download